unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2020-15653
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. CVE project by @Sn0wAlice
Create: 2023-02-03 07:55:03 +0000 UTC Push: 2023-02-03 07:55:05 +0000 UTC
Live-Hack-CVE/CVE-2020-15656
JIT optimizations involving the JavaScript arguments object could confuse later optimizations. This risk was already mitigated by various precautions in the code, resulting in this bug rated at only moderate severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. CVE project by @Sn0wAlice
Create: 2023-02-03 07:54:59 +0000 UTC Push: 2023-02-03 07:55:01 +0000 UTC
Live-Hack-CVE/CVE-2019-5446
Command Injection in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to execute commands as root. CVE project by @Sn0wAlice
Create: 2023-02-03 07:54:55 +0000 UTC Push: 2023-02-03 07:54:57 +0000 UTC
Live-Hack-CVE/CVE-2019-5445
DoS in EdgeMAX EdgeSwitch prior to 1.8.2 allows an Admin user to crash the SSH CLI interface by using crafted commands. CVE project by @Sn0wAlice
Create: 2023-02-03 07:54:51 +0000 UTC Push: 2023-02-03 07:54:54 +0000 UTC
Live-Hack-CVE/CVE-2020-29396
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation. CVE project by @Sn0wAlice
Create: 2023-02-03 07:54:48 +0000 UTC Push: 2023-02-03 07:54:50 +0000 UTC
Live-Hack-CVE/CVE-2020-28052
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. CVE project by @Sn0wAlice
Create: 2023-02-03 07:54:44 +0000 UTC Push: 2023-02-03 07:54:46 +0000 UTC
Live-Hack-CVE/CVE-2020-25221
get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use p CVE project by @Sn0wAlice
Create: 2023-02-03 07:54:40 +0000 UTC Push: 2023-02-03 07:54:42 +0000 UTC
Live-Hack-CVE/CVE-2020-15658
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird CVE project by @Sn0wAlice
Create: 2023-02-03 07:54:37 +0000 UTC Push: 2023-02-03 07:54:39 +0000 UTC
Live-Hack-CVE/CVE-2020-27786
A flaw was found in the Linux kernel’s implementation of MIDI, where an attacker with a local account and the permissions to issue ioctl commands to midi devices could trigger a use-after-free issue. A write to this specific memory while freed and before use causes the flow of execution to change and possibly allow for CVE project by @Sn0wAlice
Create: 2023-02-03 07:54:33 +0000 UTC Push: 2023-02-03 07:54:36 +0000 UTC
Live-Hack-CVE/CVE-2015-5180
CVE-2015-5180 glibc: DNS resolver NULL pointer dereference with crafted record type CVE project by @Sn0wAlice
Create: 2023-02-03 05:41:05 +0000 UTC Push: 2023-02-03 05:41:07 +0000 UTC
Live-Hack-CVE/CVE-2015-3239
An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usage. CVE project by @Sn0wAlice
Create: 2023-02-03 05:41:01 +0000 UTC Push: 2023-02-03 05:41:04 +0000 UTC
Live-Hack-CVE/CVE-2015-3204
A flaw was discovered in the way Libreswan's IKE daemon processed certain IKEv1 payloads. A remote attacker could send specially crafted IKEv1 payloads that, when processed, would lead to a denial of service (daemon crash). CVE project by @Sn0wAlice
Create: 2023-02-03 05:40:58 +0000 UTC Push: 2023-02-03 05:41:00 +0000 UTC
Live-Hack-CVE/CVE-2015-5188
It was discovered that when uploading a file using a multipart/form-data submission to the EAP Web Console, the Console was vulnerable to Cross-Site Request Forgery (CSRF). This meant that an attacker could use the flaw together with a forgery attack to make changes to an authenticated instance. CVE project by @Sn0wAlice
Create: 2023-02-03 05:40:54 +0000 UTC Push: 2023-02-03 05:40:56 +0000 UTC
Live-Hack-CVE/CVE-2015-5194
It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. CVE project by @Sn0wAlice
Create: 2023-02-03 05:40:50 +0000 UTC Push: 2023-02-03 05:40:53 +0000 UTC
Live-Hack-CVE/CVE-2015-5195
It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) was referenced by the statistics or filegen configuration command. CVE project by @Sn0wAlice
Create: 2023-02-03 05:40:47 +0000 UTC Push: 2023-02-03 05:40:49 +0000 UTC
Live-Hack-CVE/CVE-2015-3258
A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filter processed print jobs with a specially crafted line size. An attacker able to submit print jobs could use this flaw to crash texttopdf or, possibly, execute arbitrary code with the privileges of the "lp" user. CVE project by @Sn0wAlice
Create: 2023-02-03 05:40:43 +0000 UTC Push: 2023-02-03 05:40:45 +0000 UTC
Live-Hack-CVE/CVE-2015-5189
A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more privileged user. CVE project by @Sn0wAlice
Create: 2023-02-03 05:40:38 +0000 UTC Push: 2023-02-03 05:40:41 +0000 UTC
Live-Hack-CVE/CVE-2018-3859
An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code executio CVE project by @Sn0wAlice
Create: 2023-02-03 05:40:35 +0000 UTC Push: 2023-02-03 05:40:37 +0000 UTC
Live-Hack-CVE/CVE-2018-3871
An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. CVE project by @Sn0wAlice
Create: 2023-02-03 05:40:31 +0000 UTC Push: 2023-02-03 05:40:33 +0000 UTC
Live-Hack-CVE/CVE-2018-3858
An exploitable heap overflow exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to exec CVE project by @Sn0wAlice
Create: 2023-02-03 05:40:27 +0000 UTC Push: 2023-02-03 05:40:29 +0000 UTC